RSA Encryption in Perl
In this tutorial, we will learn how to encrypt messages in Perl using the Crypt::RC4 module.
The Need For Encryption
Whether you realize it or not, someone is watching every email and transmission you send on the Internet. If you don't believe me, I would encourage you to read up on the Echelon project, http://www.heise.de/tp/english/inhalt/te/6929/1.html and on Carnivore, http://commons.somewhere.com/rre/2000/RRE.Public.Demo.of.Carni.html. The Echelon is an international project run by the National Security Agency that is supposedly capable of intercepting all communications around the globe. Additionally, it was recently disclosed that the Carnivore system is being installed at strategic locations in ISP data centers. The Carnivore is a box that's capable of sorting through Internet traffic to capture the traffic of "suspects."
If you still don't believe me, try sending a stream of threatening messages to a friend via email with keywords like "nuclear bomb" and "assassination" or "chemical and biological weapons" and see what happens. In any case, the need for encryption is becoming very important. There's nothing to keep your ISP from reading all of your email and watching you surf the Web. So my advice is, when sending anything over the Internet that may have sensitive information, encrypt it.
Weak vs Strong Encryption
Typically, the strength of the security you use is measured by the size of the key. Many Web servers support 128-bit SSL encryption. This level of encryption has been proven to be fairly ineffective since 128-bit encrypted messages can be broken in short order. 1024-bit keys are much more secure. Still, keep in mind that the size of the key won't matter much if another party has access to the private key or secret password. There are several commercial products on the market today that will secure your files and email client. In this tutorial, however, we will learn how to encrypt files on a computer using Perl (of course).
The RSA cryptosystem was developed by Ronald Rivest, Adi Shamir, and Leonard Adleman. It's a public-key system that allows one to securely encode a message and is also used for digital signatures. The RSA algorithm works like so: you generate two keys, one public and one private. The public key is used to encrypt the message and can safely be given out to those who want to send you an encrypted message. The private key is, well, private. You don't want to give that one out. It is the key that can decrypt the message. The result is that others can use a public key to encrypt a message that only you can decrypt with your private key. If you've ever used PGP, you're probably familiar with the process. More information on how the RSA algorithm really works is available at http://www.rsasecurity.com/rsalabs/faq/3-1-1.html.
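The key-pair flow described above, as an added example that is not part of the original tutorial: textbook RSA written with Perl's core Math::BigInt module rather than any RSA module. The primes, the exponent and the sample message are constructed toy values, and the helper names are hypothetical; there is no padding, so this shows the arithmetic only and is not a substitute for a vetted library.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Math::BigInt;    # core module, arbitrary-precision integers

# Constructed toy parameters: two known Mersenne primes. Real keys use
# large random primes and a padding scheme such as OAEP.
my $p = Math::BigInt->new(2)->bpow(61)->bdec;    # 2**61 - 1
my $q = Math::BigInt->new(2)->bpow(89)->bdec;    # 2**89 - 1

# Key generation: (n, e) is the public key, d is the private key.
my $n   = $p->copy->bmul($q);
my $phi = $p->copy->bdec->bmul($q->copy->bdec);    # (p-1)(q-1)
my $e   = Math::BigInt->new(65537);
die "e shares a factor with phi\n" unless $e->copy->bgcd($phi)->is_one;
my $d = $e->copy->bmodinv($phi);                   # e*d = 1 (mod phi)

# Convert between byte strings and big-endian integers.
sub bytes_to_int { Math::BigInt->new('0x' . unpack('H*', $_[0])) }
sub int_to_bytes {
    (my $hex = $_[0]->as_hex) =~ s/^0x//;
    $hex = "0$hex" if length($hex) % 2;            # pack needs whole bytes
    return pack('H*', $hex);
}

# Anyone holding (n, e) can encrypt: c = m**e mod n.
sub rsa_encrypt {
    my ($msg, $exp, $mod) = @_;
    my $m = bytes_to_int($msg);
    die "message too long for this modulus\n" if $m >= $mod;
    return $m->bmodpow($exp, $mod);
}

# Only the holder of d can decrypt: m = c**d mod n.
sub rsa_decrypt {
    my ($c, $exp, $mod) = @_;
    return int_to_bytes($c->copy->bmodpow($exp, $mod));
}

my $msg    = 'meet at noon';                       # constructed sample message
my $cipher = rsa_encrypt($msg, $e, $n);
print "ciphertext:       $cipher\n";
print "with private key: ", rsa_decrypt($cipher, $d, $n), "\n";

# Applying the public exponent again does not recover the message.
my $wrong = rsa_decrypt($cipher, $e, $n);
print "with public key:  ", ($wrong eq $msg ? 'recovered' : 'not recovered'), "\n";
```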